Sensitive File Exposure in Pretix by Pretix GmbH
CVE-2025-14882

3.8 LOW

Key Information:

Vendor: Pretix
CVE Published: 19 December 2025

What is CVE-2025-14882?

A security flaw in Pretix allows users to access sensitive files belonging to other users by exploiting an API endpoint. By knowing the UUID of a file, unauthorized individuals can gain access to information that should be restricted, posing privacy and data security risks.

Affected Version(s)

pretix-offlinesales 1.12.0 <= 1.12.1

CVSS V4

Score: 3.8
Severity: LOW
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
